Digital Forensics and Digital Evidence

Date

Invalid Date – Invalid Date

Registration

Invalid Date – Invalid Date

Participation fee

This is a free course

To support the preparation of participants in the Introductory Digital Forensics Course, the Centre provides an online web-based course on digital forensics and digital evidence. This course is open to all individuals from NATO CCDCOE Sponsoring Nations, Contributing Participants as well as NATO bodies. This course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.

Learning Objectives

Define the scope of the science of digital forensics

Define digital evidence and provide examples

Describe the legal status of digital evidence

Define the concepts of integrity and authenticity that laws about digital evidence deal with

Describe the difference between digital forensics and incident response

List the areas of digital forensics

Will be able to describe the phases of the digital forensic process and give examples of the requirements that investigators should follow when working on each

Differentiate between dead and live acquisition of digital evidence and explain in what situations which mode of acquisition should be preferred

Define memory and disk imaging

Describe the possible methods of acquisition of memory images and specify which of them are safe to use in digital forensics and which not

Describe the functionalities of different formats of disk images

List the types of evidence that can be found from the system’s memory

List the types of evidence that can be found when examining Windows OS

Give examples of the information that an investigator can find and deduce when examining web browser artifacts

Describe the limits of the recovery of instant messages

Describe the elements of an e-mail that an investigator should examine

TargetAudience

The TA of this module is the same TA, as the targeted TA of the Introductory Digital Forensics Course.

Outline

Digital Forensics and Digital Evidence

Digital Forensic Process

Acquisition of Digital Evidence

Examination and Analysis of Digital Evidence

Prerequisites

The requirements of the Introductory Digital Forensics Course apply.

Registration

The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘Digital Forensics and Digital Evidence’ course listing.